Hello all,
I have a simple problem with configuring ipfilter on Solaris 8. I would
like to configure ipfilter so that all the machines in the internal network
are blocked, and http requests from these machines are redirected to squid
running on the same machine. But for specific machines on the internal
network, I would like to set up nat rules to allow them to access the Internet.
This is what I tried: (hme1 is the internal interface, hme0 is the
external interface, 192.168.2.222 is the machine for which nat must be
enabled, 192.168.2.254 is the ip address on the internal interface and
172.18.0.254 is the ip address on the external interface)
ipf.conf
pass in quick on lo0 all
pass out quick on lo0 all
block in on hme1 all
pass in on hme1 proto tcp from any to any flags S keep state
pass in on hme1 proto udp from any to any keep state
pass in on hme1 proto icmp from any to any keep state
pass out on hme1 proto tcp from any to any flags S keep state
pass out on hme1 proto udp from any to any keep state
pass out on hme1 proto icmp from any to any keep state
ipnat.conf
map hme0 192.168.2.222/32 -> 172.18.0.254/32 portmap tcp/udp auto
map hme0 192.168.2.222/32 -> 172.18.0.254/32
rdr hme1 0.0.0.0/0 port 80 -> 192.168.2.254 port 3128 tcp
What happens is that http requests from 192.168.2.222 are also
redirected to squid. I guess this happens as nat rules are run first on
these requests on the internal interface and so it hits the RDR rule. How
can this be avoided?
M.VISWANATH
Millenium Center,
85 Kutchery Road,
Mylapore,Chennai - 600004
Phone(O) :24616768 Ext 311,313
(R):044-24417140
Mobile :9840066012
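The following is an added example, not part of the original post and not IPFilter's own code: a small model of how IPFilter chooses a NAT rule for a packet, fed with the ipnat.conf from the post. It encodes two IPFilter behaviours: NAT rules are tried in ipnat.conf order and the first match wins, and a packet arriving on hme1 is checked against the rdr rules hooked on hme1 before any filter rule, and before any map rule on hme0, is consulted. Tracing an HTTP request from 192.168.2.222 through the model shows why the catch-all rdr on hme1 wins regardless of how the map rules on hme0 are ordered. The external address 198.51.100.10, the Packet/NatRule classes and the "modelled exemption" object are constructed for this example; the ipnat.conf syntax for exempting one host from a rdr rule is not given in the thread and must be taken from ipnat(5) for the installed IPFilter version.

```python
"""Model of how IPFilter picks a NAT rule for a packet (added example for this
thread; constructed code, not from the original post and not IPFilter's own).
It models two IPFilter behaviours: NAT rules are tried in ipnat.conf order and
the first match wins, and a packet arriving on an interface is checked against
that interface's rdr rules before any filter rule, and before any map rule on
another interface, is consulted. Only the ipnat.conf subset used in the post
is parsed; the external address 198.51.100.10 is a constructed example value.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")
ALL_PROTOS = frozenset({"tcp", "udp", "icmp"})


@dataclass
class Packet:
    iface: str
    direction: str          # "in" (arriving on iface) or "out" (leaving it)
    proto: str              # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass
class NatRule:
    kind: str                   # "map" or "rdr"
    iface: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]        # rdr: destination port the rule catches
    protos: frozenset           # protocols the rule applies to
    target: Optional[str]       # None models "leave the packet alone"
    text: str

    def matches(self, p: Packet) -> bool:
        # map rules hook packets leaving an interface, rdr rules hook packets
        # arriving on one, so a rule on hme0 never sees hme1 inbound traffic.
        if self.iface != p.iface or (self.kind == "map") != (p.direction == "out"):
            return False
        if p.proto not in self.protos or ipaddress.ip_address(p.src) not in self.src:
            return False
        if ipaddress.ip_address(p.dst) not in self.dst:
            return False
        return self.dport is None or p.dport == self.dport


def parse_rule(line: str) -> NatRule:
    """Parse 'map IF SRC -> TGT [portmap tcp/udp auto]' and
    'rdr IF DST port N -> TGT port M proto', the forms used in the post."""
    lhs, rhs = line.split("->")
    kind, iface, *lwords = lhs.split()
    rwords = rhs.split()
    if kind == "map":
        src, dst, dport, target = ipaddress.ip_network(lwords[0]), ANY, None, rwords[0]
        # 'portmap tcp/udp' limits the rule to those protocols; the plain map
        # line covers everything else, which is why the post has both lines.
        protos = frozenset(rwords[2].split("/")) if "portmap" in rwords else ALL_PROTOS
    else:
        src, dst = ANY, ipaddress.ip_network(lwords[0])
        dport = int(lwords[2]) if "port" in lwords else None
        target = rwords[0] + (":" + rwords[2] if "port" in rwords else "")
        protos = frozenset(rwords[-1].split("/")) if rwords[-1] in ("tcp", "udp", "tcp/udp") else ALL_PROTOS
    return NatRule(kind, iface, src, dst, dport, protos, target, line.strip())


def first_match(rules, packet):
    """IPFilter NAT is first-match: the first rule in file order that applies
    is used and the remaining rules are not consulted."""
    for rule in rules:
        if rule.matches(packet):
            return rule
    return None


# The ipnat.conf from the post, in file order.
IPNAT_CONF = [
    "map hme0 192.168.2.222/32 -> 172.18.0.254/32 portmap tcp/udp auto",
    "map hme0 192.168.2.222/32 -> 172.18.0.254/32",
    "rdr hme1 0.0.0.0/0 port 80 -> 192.168.2.254 port 3128 tcp",
]
RULES = [parse_rule(line) for line in IPNAT_CONF]

# A more specific rule placed ahead of the catch-all wins under first-match.
# This object only models "do not redirect 192.168.2.222" (target None); the
# ipnat.conf syntax for such an exemption is not given in this thread and
# must be taken from ipnat(5) for the installed IPFilter version.
EXEMPT_222 = NatRule("rdr", "hme1", ipaddress.ip_network("192.168.2.222/32"),
                     ANY, 80, frozenset({"tcp"}), None, "(modelled exemption)")
RULES_WITH_EXEMPTION = [EXEMPT_222] + RULES


def trace_http_from(host, rules=RULES, dst="198.51.100.10"):
    """Follow an HTTP request from an internal host through the two NAT hooks
    it crosses: arrival on hme1 (rdr), then departure on hme0 (map)."""
    hit = first_match(rules, Packet("hme1", "in", "tcp", host, dst, 80))
    if hit is not None and hit.target is not None:
        return ("redirected", hit.target)
    hit = first_match(rules, Packet("hme0", "out", "tcp", host, dst, 80))
    return ("natted", hit.target) if hit else ("unnatted", None)
```

With the rules as posted, trace_http_from("192.168.2.222") returns ("redirected", "192.168.2.254:3128"), the same result as for any other internal host, because the only rule hooked on inbound hme1 traffic is the catch-all rdr; the map rules are hooked on outbound hme0 traffic and are never reached for that packet. With a more specific rule for 192.168.2.222 placed before the rdr, the same trace falls through to the hme0 map rule instead. The model also shows why the post needs two map lines: the portmap line covers tcp/udp only, so an icmp packet from 192.168.2.222 is handled by the second, plain map line. On the Solaris box itself, `ipnat -l` lists the loaded NAT rules in the order they are consulted, which is the order worth checking before changing the configuration.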